Finland publishes guidance on quantum-safe cryptography
- Katarzyna Celińska
- 4 days ago
- 1 min read
I’m genuinely happy to see PQC slowly breaking through into the awareness of more European government agencies. National Cyber Security Centre Finland (is a good example: they are actively encouraging organizations to prepare for a transition to quantum-safe encryption algorithms and have published guidance on how to approach the transition.
Photo: Freepik
This is the kind of topic that should appear more often in “mainstream” cybersecurity discussions, and also start showing up on CISO and board agendas as a strategic risk. Not because we need to replace everything tomorrow, but because the transition is multi-year and needs a roadmap.
The core rationale is the classic “harvest now, decrypt later” threat: data encrypted today with classical public-key methods may be collected now and decrypted later when sufficiently powerful quantum computers become available.
NCSC-FI also highlighted this topic publicly in its weekly review, explicitly recommending preparation for quantum-safe encryption algorithms.
What the Finnish guidance focuses on
➡️ It encourages organizations to begin preparations for adopting quantum-safe algorithms and points to the broader standardization efforts replacing vulnerable methods.
➡️ It also emphasizes that some applications and protocols have already begun using quantum-safe approaches based on draft standards, showing that this is not purely theoretical.
If you are a CISO, IT leader, or GRC professional:
Start now with what is realistic:
➡️ Cryptographic inventory: where cryptography is used, which algorithms, which systems, which vendors.
➡️ Gap analysis: which assets rely on quantum-vulnerable public-key cryptography?
➡️ Roadmap & crypto-agility: prioritize long-lifecycle data and high-impact systems, then plan phased migration.
Author: Sebastian Burgemejster
Comments